“I want to have snoop-free online communication. Should I go with Telegram or Signal?”
Most mainstream sources right now are pushing Signal, claiming it has better encryption. Let’s look at this claim, along with some other facts that have been modified or hidden from most of us.
– For-profit company run by Pavel Durov, a Russian dissident who refused to give the keys to Russian government.
– 200,000 user max per group
– 2GB file sharing
– Cloud message sync for peer-server-peer encrypted messaging (default) so you can access your conversations from all your devices.
– You can choose peer-peer encrypted messaging, more secure but less convenient to continue conversations across all devices.
– You don’t have to share your phone number to establish contact with other users; you can use your user id.
– You can set self-destruct timer on peer-peer chats.
– You can edit your messages.
– You can lock/unlock your chats.
– Non-profit company run by a CIA-money-backed individual, “Moxie Marlinspike”. More on this below.
– 1,000 user max per group
– 100MB file sharing limit
– No cloud message sync because no peer-server-peer messaging available.
– You have to share your phone number to establish contact with other users.
– You can set self-destruct timer on peer-peer chats.
– You can not edit your messages.
– You can not lock your chats.
So, given the facts above, why are most mainstream sources reporting that Telegram (a) doesn’t have peer-to-eer (end-to-end) encryption; and/or (b) Telegram’s encryption isn’t as “good”? The short answer:
Signal’s default (and only) mode is encrypted peer-to-peer, while Telegram’s default is encrypted peer-to-server-to-peer, with an option for encrypted peer-to-peer, which Telegram calls “Secret Chat”. Some sources either do not know this feature exists (always has) or they choose to ignore or misrepresent this fact. Maybe they just like the fact that Signal makes the decision for you and Telegram gives you too many pesky choices?
Why does Telegram even provide, peer-to-server-to-peer as an option? If you have played with both apps or looked at the comparison chart above, you may have noticed how many more features Telegram has.
The most useful of these extra features provided only by Telegram, being able to start a conversation on your computer, jump in your car, and continue the conversation on your phone, requires a server in the middle. Your messages are still encrypted.
But yes, the server in the middle does introduce an added potential for hackers to intercept your messages. And for Telegram to share your data, if they chose to. This is at the core of complaints that Telegram is “not as secure”. It is this author’s opinion that the point is moot, given that users can choose to utilize Telegram’s peer-to-peer mode if they desire.
Finally, before we flesh out a few details, a fact that may concern many of us, especially when we care about our personal conversations being shared with governments:
Signal’s relationship with the US Government
“…Invented by a self-styled radical cryptographer who goes by the name of Moxie Marlinspike (although his real name may or may not be Matthew Rosenfeld or Mike Benham), Signal was brought to life with funding from the BBG (CIA spinoff entity) – supported Open Technology Fund (which has pumped in almost $3 million since 2013), and appears to rely on continued government funding for survival. Despite the service’s close ties to an organization spun off from the CIA, the leading lights of America’s privacy and crypto community back the app…” from https://thebaffler.com/salvos/the-crypto-keepers-levine
Pavel Valerievich Durov is a Russian entrepreneur who is best known for being the founder of the social networking site VK, and later the Telegram Messenger. He is the younger brother of Nikolai Durov. Since being dismissed as CEO of VK in 2014, the Durov brothers have traveled the world in self-imposed exile as citizens of Saint Kitts and Nevis. In 2017 Pavel joined the World Economic Forum Young Global Leaders as a representative of Finland.
Born: Pavel Valerievich Durov, October 10, 1984, Leningrad, Russian SFSR, Soviet Union
Nationality: Russian, Citizenship: Russian, Kittitian
Want to hear directly from Pavel? He isn’t shy: https://t.me/durov
That all said, the evidence above is not conclusive that Signal is a “honeypot” that sells your data or metadata to the US government. Nor are the concerns about Pavel joining the World Economic Forum. If you choose to use either of these apps, you are probably much safer than if you merely use unencrypted texting or email.
Involvement of intelligence agencies in a crypto company or technology is not evidence that the technology or company is insecure. NSA has participated in development of AES, DES, SHA and other commonly used encryption. Intelligence agencies have interests in developing encryption for national security reasons, so often they fund research and/or employ people connected with such research. No encryption should be assumed 100% unbreakable either since the trend historically has shown attacks being discovered long after usage is adopted, eg SSL.
Finally finally, please share this around! It’s probably better safe than sorry for all those out there who believe their communications to be 100% secure. I don’t believe any form of communication short of telepathy is 100% secure. But let’s aim high!
Oh and if you have friends who don’t see a need for privacy at all, you may want to share the following article with them: https://clearsay.net/why-telegram-vs-fb-messenger-texting